Web Designers / Developers Take Note

hawker
21st December 2004, 09:56 AM
URGENT, PLEASE TAKE NOTE:


Following my original post it has been brought to our attention that the highlighting exploit can be taken advantage of, and in a serious way. We are hastily preparing a new release. However that release contains a number of other fixes and additions and thus we are carrying out some internal testing to limit the chances of other issues arising.

In the meantime we strongly, and I mean strongly! urge all our users to make the following change to viewtopic.php as a matter of urgency.

Check phpbb.com for updates!

This also brings up the fact that AppleTalk should have a pro-digital area for members. For Video Production, Graphic Design, Web Design.... well maybe.

jbjose
21st December 2004, 10:01 AM
Originally posted by hawker@Dec 21 2004, 09:56 AM
This also brings up the fact that AppleTalk should have a pro-digital area for members. For Video Production, Graphic Design, Web Design.... well maybe.
I second that.

iSlayer
21st December 2004, 10:21 AM
I third that.
It would be cool to have a section where we can talk about coding or ask for help. It's not Mac related as such but I do my coding on a Mac :)

And I also say that professional sites shouldn't use phpBB.
There is a reason it's free :)

I'm glad this site uses Invision.

iSlayer
21st December 2004, 10:24 AM
And just to add something, there have been a few sites (phpBB boards) which have been taken down over the last 10 days because of code exploits.

The webmasters have had a hell of a time trying to revive the boards but it seems a lot of them have lost the databases so it's virtually dead.

I will offer my services free of charge to anyone here to apply the patches.

hawker
21st December 2004, 11:01 AM
Originally posted by islayer@Dec 21 2004, 10:21 AM
And I also say that professional sites shouldn't use phpBB.
There is a reason it's free :)
I agree with this islayer. InvisionBoard is by far the best "FREE" forum.

I am also happy to consult with anyone who might be having problems with forum installations.

the_argon
21st December 2004, 11:10 AM
It's kind of a bit of a worry, if there is an exploit for Invisionboard then half the net's boards are at risk.

I spose it's wise to stay updated. On that note if anyone finds an exploit let one of the admins know via IM ASAP. (Please don't post it in the forums.)

edited the title also, so it doesn't stretch the side menu. :)

hawker
21st December 2004, 11:31 AM
Originally posted by the_argon@Dec 21 2004, 11:10 AM
It's kind of a bit of a worry, if there is an exploit for Invisionboard then half the net's boards are at risk.
Don't curse us.... I have like five different installs going here!

iSlayer
21st December 2004, 11:33 AM
It's only a matter of time :)
Invision are better with patches cos you have to pay to use the software.

funkmaster_dan
21st December 2004, 01:09 PM
The Inside Mac Games website appears to be temporarily down, they happen to use phpBB for their forum, don't they?

iSlayer
21st December 2004, 01:14 PM
I don't see why they would take the whole site down though.
I was annoyed when I went to get my daily fix of gaming news this morning.

sillydog701
21st December 2004, 01:52 PM
This security hole in PHP does not just affect phpBB, but also Invision Power Board.


Similar flaws could affect other popular web applications, including the Invision Power Board, vBulletin and PHPAds(New), which all use the unserialize function to access data stored in a cookie, according to Stefan Esser of The Hardened PHP Project, which released the initial advisory Thursday.
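
An added illustration of the cookie-handling pattern the quoted advisory describes, next to a form that authenticates the cookie before parsing it. It is not part of the thread and is not code from phpBB, Invision Power Board or the Hardened PHP Project; the function names, cookie fields and key are constructed, and PHP 7.1 or later is assumed.

```php
<?php
// Added example with constructed names; not code from any forum package.
const COOKIE_KEY = 'PLACEHOLDER-load-a-random-secret-from-config';

// Pattern the advisory describes: bytes from the client go straight into
// unserialize(), so PHP's unserialize parser runs on attacker-chosen input.
function load_cookie_unsafe(string $cookie)
{
    return unserialize($cookie);
}

// Hardened form: JSON payload, authenticated with an HMAC before parsing.
function make_cookie(array $data): string
{
    $payload = base64_encode(json_encode($data));
    return $payload . '.' . hash_hmac('sha256', $payload, COOKIE_KEY);
}

function load_cookie_safe(string $cookie): ?array
{
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2) {
        return null;                       // not in payload.mac form
    }
    [$payload, $mac] = $parts;
    if (!hash_equals(hash_hmac('sha256', $payload, COOKIE_KEY), $mac)) {
        return null;                       // modified or forged by the client
    }
    $json = base64_decode($payload, true);
    $data = $json === false ? null : json_decode($json, true);
    return is_array($data) ? $data : null;
}

// Constructed sample data: a valid cookie, one whose payload was swapped
// while keeping the old MAC, and a raw serialized string.
$good = make_cookie(['userid' => 42, 'autologin' => false]);
$mac = explode('.', $good, 2)[1];
$tampered = base64_encode(json_encode(['userid' => 1])) . '.' . $mac;

var_dump(load_cookie_safe($good));
var_dump(load_cookie_safe($tampered));
var_dump(load_cookie_safe('a:1:{i:0;i:1;}'));
```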

iSlayer
21st December 2004, 01:56 PM
Ah, I see.
Got a link to the story?

ForwardSlash
21st December 2004, 02:03 PM
God damn it, looks like one of my users has been screwed by this thing. I'm trying to recover the board now but I may have to give them the bad news.

hawker
21st December 2004, 02:08 PM
Back up databases, web sites and monitor all of the forums closely.

Thankfully my server admin are putting out patches that should keep the problem at bay. However, watch for updates and update ASAP!

the_argon
21st December 2004, 02:10 PM
Thankfully we've got an updated version of PHP on the Xserve so it won't affect AppleTalk :)

iSlayer
21st December 2004, 02:13 PM
What version is that?

I run the default OS X install of PHP on all my machines, including my OS X server box.

hawker
21st December 2004, 02:18 PM
Originally posted by the_argon@Dec 21 2004, 02:10 PM
Thankfully we've got an updated version of PHP on the Xserve so it won't affect AppleTalk :)
I'd hope so :P

Where would we go if this place closed down B)

iSlayer
21st December 2004, 02:19 PM
We would have to get lives :)

sillydog701
21st December 2004, 02:44 PM
Originally posted by islayer@Dec 21 2004, 01:56 PM
Ah, I see.
Got a link to the story?
The story, PHP Exploit Enables Theft of phpBB Passwords (http://news.netcraft.com/archives/2004/12/18/php_exploit_enables_theft_of_phpbb_passwords.html).

Disko
21st December 2004, 02:46 PM
Originally posted by hawker@Dec 21 2004, 10:26 AM
This also brings up the fact that AppleTalk should have a pro-digital area for members. For Video Production, Graphic Design, Web Design.... well maybe.
Your wish is my command (http://forums.appletalk.com.au/index.php?showforum=18).

hawker
21st December 2004, 03:35 PM
You rock Disko. Now I have a place to hide :P

Currawong
21st December 2004, 07:19 PM
A Mac OS X binary can be found here (http://www.entropy.ch/software/macosx/php/) for anyone interested.

funkmaster_dan
21st December 2004, 09:22 PM
Originally posted by islayer@Dec 21 2004, 01:44 PM
I don't see why they would take the whole site down though.
I was annoyed when I went to get my daily fix of gaming news this morning.
The whole IMG site is database driven, the security hole allows for phpBB database passwords to be stolen. Maybe for some reason they got the whole site running off one database or they use the same password for all their databases.

iSlayer
21st December 2004, 09:24 PM
The IMG site works, it's just the main page that is down.
I was just looking at some stuff in their archives.

iSlayer
22nd December 2004, 07:13 AM
There is indeed a news item on IMG about them being hacked.
They are switching to new forum software.

TAK
26th December 2004, 02:34 PM
I agree with this islayer. InvisionBoard is by far the best "FREE" forum.

InvisionBoard is not free. Well, 1.3 is (which is what AppleTalk is running) though it is no longer being distributed. 2.X all require payment now and there were some security issues with 2.0.


And I also say that professional sites shouldn't use phpBB.
There is a reason it's free

That is the same as saying if you host a website, you should not use Linux. I applaud large sites/business/corporations who choose to support open source and free projects. This entire website is coded using a lot of PHP - you can download PHP absolutely free.

phpBB announced the problem immediately and released a patch to fix the problem. They made an effort to get the news out to as many people as possible, but of course it is also up to forum operators to make sure they are up to date with the latest versions.

-TAK